GO4Monitoring platform
Overview Platform Capabilities How it works Docs Client login
English EN Български BG
Client login
Public information

Privacy Policy

Last updated: 4 July 2026

This Privacy Policy explains how DIGILAB EOOD processes personal data in connection with GO4, a website and Shopify store monitoring service.

Company: DIGILAB EOOD
Address: Bulgaria, Sofia, zh.k. Ilinden, bl. 17, vh. 12
VAT/Bulstat: BG208018721
Privacy contact: hello@go4.biz

This Privacy Policy describes the current GO4 service based on the current application functionality. It should be reviewed by qualified legal counsel before final publication.

1. Scope of this Privacy Policy

This Privacy Policy applies to:

  • the GO4 public website and public legal/support pages
  • the GO4 admin dashboard
  • the GO4 Shopify embedded app
  • GO4 monitoring, Browser Lab, Action Journey, Shopify audit and alerting features
  • support, contact and request access forms
  • transactional emails sent by GO4

This Privacy Policy does not replace the privacy policy of a merchant’s own Shopify store or website.

2. Who is responsible for processing data

For GO4 account, billing, support, security and service operation data, DIGILAB EOOD acts as the data controller.

When a merchant uses GO4 to monitor its own website or Shopify store, the merchant is usually the controller of any personal data that may appear in the monitored website content, URLs, screenshots, page evidence, error messages or configured journeys.

In those cases, DIGILAB EOOD processes such data on behalf of the merchant for the purpose of providing the GO4 service.

3. Data we collect and process

Depending on how GO4 is used, we may process the following categories of data.

Account and organization data

  • user name and email address
  • account role, status and permissions
  • workspace, organization and site assignments
  • password hashes and account recovery or invitation data
  • login timestamps, session and security data
  • language and interface preferences

Website and monitoring data

  • website names, domains and URLs
  • check names, check types, intervals and monitoring settings
  • expected or unexpected text configured by the user
  • HTTP status, response times and error messages
  • response excerpts and diagnostic metadata
  • incidents, alert logs and notification status
  • sitemap, SEO, product, collection and cart monitoring results

Browser Lab and Action Journey data

When Browser Lab or Action Journey features are used, GO4 may process:

  • requested URL and final URL
  • browser profile, viewport and timing data
  • network or resource failures
  • JavaScript error samples
  • DOM assertion results and text excerpts
  • journey step labels, selectors, configured actions and results
  • screenshots and screenshot metadata, if screenshot capture is enabled
  • technical evidence needed to show why a monitoring check passed, warned or failed

Merchants should not place passwords, payment card data, customer personal data or other sensitive information in Action Journey field values, selectors, labels or assertions unless this is strictly necessary and legally permitted.

Shopify app and store data

When GO4 is installed as a Shopify app, we may process:

  • Shopify shop domain
  • shop name, primary domain and shop email
  • OAuth installation and connection status
  • granted Shopify API scopes
  • encrypted Shopify access token
  • install, uninstall and reinstall timestamps
  • linked GO4 workspace or site
  • Shopify webhook registration and compliance webhook status
  • Shopify product or variant data used for monitoring setup, where applicable
  • Shopify billing or plan status, if billing is enabled through Shopify

GO4 uses Shopify API access only for the functionality provided by the app and the scopes approved during installation.

The current GO4 application design is focused on store monitoring and does not intentionally collect customer payment card data.

JS Agent data, if enabled

If a merchant manually installs or enables the GO4 JS Agent, GO4 may process browser-side technical monitoring events such as:

  • page URL or path
  • page title, canonical URL, robots and meta description
  • viewport and screen data
  • performance timings
  • JavaScript and resource error samples
  • Shopify page type, theme and product or variant signals where available
  • cart endpoint availability status
  • DOM assertion snippets and resource diagnostics, depending on configured checks

The JS Agent includes URL query sanitization options intended to reduce accidental collection of sensitive query parameters.

Merchants remain responsible for configuring the JS Agent in a privacy-aware way.

Support and communication data

When a person contacts us through a form or by email, we may process:

  • name
  • email address
  • company or brand name
  • website URL
  • message content
  • support category
  • language
  • IP address and timestamp where technically available
  • email delivery and transactional email metadata

Billing and subscription data

If billing is enabled, GO4 may process:

  • selected plan or plan key
  • billing channel and billing source
  • subscription reference and subscription status
  • trial status and dates
  • current billing period information
  • billing sync status and billing-related diagnostic metadata

Payments handled through Shopify are processed by Shopify through Shopify’s billing systems.

GO4 does not directly process payment card details for Shopify app billing.

Security and compliance data

We may process technical and security data such as:

  • session data and authentication events
  • IP addresses
  • CSRF and OAuth state
  • webhook HMAC validation status
  • hashed compliance webhook payload references
  • audit and worker logs
  • error logs needed to maintain the service

4. Shopify compliance webhooks

GO4 implements Shopify compliance webhook endpoints for data subject and shop data requests.

These may include:

  • customer data request events
  • customer redact events
  • shop redact events

For these events, GO4 may record the webhook topic, shop domain, Shopify shop or customer identifiers where provided, HMAC validation status, processing status and a hash of the payload.

The raw webhook payload is not intended to be stored as part of the compliance event record.

Some requests may require manual review to identify whether GO4 holds relevant data and to take appropriate action.

5. Purposes of processing

We process data for the following purposes:

  • creating and managing GO4 accounts
  • providing monitoring, audit, Browser Lab, Action Journey and alerting features
  • connecting Shopify stores to GO4
  • verifying Shopify installation, uninstall and embedded app sessions
  • sending transactional emails, alerts and support replies
  • providing customer support
  • managing plans, billing status and subscription-related access
  • securing the service and preventing abuse
  • diagnosing errors and improving reliability
  • complying with legal obligations and Shopify platform requirements

6. Legal bases under GDPR

Where GDPR applies, we rely on one or more of the following legal bases:

  • contract performance, where processing is needed to provide the GO4 service
  • legitimate interests, such as securing, operating and improving the service
  • legal obligations, where we must keep or process data to comply with law or platform requirements
  • consent, where consent is required for optional cookies or optional features
  • merchant instructions, where we process data as a service provider or processor for the merchant

7. Data sharing

We do not sell personal data.

We may share data with:

  • Shopify, where necessary for app installation, authentication, API access, compliance webhooks and billing
  • email delivery infrastructure used for transactional and support emails
  • hosting, database, storage and security infrastructure used to operate GO4
  • professional advisers, authorities or regulators where legally required
  • service providers acting on our behalf under appropriate confidentiality and data protection obligations

A list of named subprocessors should be published separately once the production hosting, email and infrastructure providers are confirmed.

8. International transfers

GO4 is operated by a company established in Bulgaria, European Union.

Depending on the infrastructure and services used, data may be processed in countries outside Bulgaria or outside the European Economic Area.

Where required, appropriate safeguards should be used, such as contractual data protection commitments or other lawful transfer mechanisms.

9. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy.

Retention periods may depend on account status, plan, monitoring settings, incident history, screenshot settings, legal requirements and operational cleanup policies.

Examples:

  • account and workspace data may be kept while the account is active and for a reasonable period after closure
  • monitoring history may be retained according to GO4 retention settings and cleanup jobs
  • Browser Lab screenshots may be retained only when screenshot capture and history settings allow it
  • JS Agent events may be retained according to the configured agent retention period
  • support emails may be retained in the support mailbox for customer service and legal record purposes
  • security and audit logs may be retained for abuse prevention and compliance

Merchants can request deletion of account or store-related data, subject to legal, security and billing retention requirements.

10. Security

GO4 uses technical and organizational measures designed to protect data, including:

  • password hashing
  • session security controls
  • CSRF protections
  • Shopify OAuth and HMAC verification
  • encrypted storage for Shopify access tokens and SMTP secrets where configured
  • role-based access controls
  • limited access to administrative features
  • monitoring and diagnostic logging

No system can be guaranteed to be completely secure.

Merchants should configure GO4 carefully and avoid placing unnecessary personal or sensitive information in monitoring settings.

11. Merchant responsibilities

Merchants are responsible for:

  • ensuring they have the right to monitor the websites and Shopify stores they add to GO4
  • configuring checks in a privacy-aware way
  • not adding unnecessary personal data to URLs, check names, selectors, Action Journey field values or expected text
  • updating their own store privacy policy if GO4 JS Agent or similar browser-side monitoring is installed on their storefront
  • responding to their own customers’ privacy requests where the merchant is the controller

12. Data subject rights

Where applicable law gives you these rights, you may request:

  • access to your personal data
  • correction of inaccurate data
  • deletion of personal data
  • restriction of processing
  • objection to processing
  • data portability
  • withdrawal of consent where processing is based on consent

To exercise your rights, contact us at [insert privacy/support email].

We may need to verify your identity before responding.

If your request relates to a merchant’s Shopify store or website, we may direct you to the relevant merchant.

13. Children

GO4 is a business service intended for merchants, companies and professional users.

It is not intended for children.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The updated version will be published on this page with a new Last updated date.

15. Contact

DIGILAB EOOD
Bulgaria, Sofia, zh.k. Ilinden, bl. 17, vh. 12
VAT/Bulstat: BG208018721
Privacy contact: hello@go4.biz

GO4

GO4 © 2026 GO4. All rights reserved.
Overview Platform Capabilities How it works Docs Client login Cookie Policy Privacy Policy Terms of Service Contact
Request access

Request access to GO4

Tell us who you are and what you want to monitor. We will contact you with the next steps.

Your request is sent securely to the GO4 team. Privacy